Skip to content

Latest commit

 

History

History
60 lines (44 loc) · 2.66 KB

README.md

File metadata and controls

60 lines (44 loc) · 2.66 KB
Raw

Auditable logging application

This is a sample application of logging app that takes advantage of CCF's ability for granular access control.

Use case

One or more entities wishes to establish an auditable logging system. Data logged to the system must only be revealed to authorized users, the service operator must not be able to access the data.

What the app does?

This application provides a REST API with following endpoints:

  • POST /log/
    • Write a log record
    • It can be called by members
    • Params: log_id
    • Example request body: { "message": "hello 10" }
    • Status code for successful calls: 204
  • PUT: /users/{user_id}/permission
    • Set permission for a user (auditor)
    • It can be called by members
    • Members can specify log item ID (application specific) and sequence number that the user can access.
    • Example request body 0: { "startSeqNo": 0, "lastSeqNo": 100, "startLogId": 0: "lastLogId": 10 }
    • Example request body 1: { "allowAnySeqNo": true, "allowAnyLogId": true }
    • Example request body 2: { "allowOnlyLatestSeqNo": true, "allowAnyLogId": true }
  • GET: /log/
    • Show a log record
    • It can be called by members or users
    • Params: log_id, seq_no
    • Response: return the item corresponding to the log_id and seq_no. If the log_id or seq_no is not allowed to the user, returns 403.

Why CCF?

There are multiple reasons that you want to use CCF for the logging system that is checked by auditors.

  • The ledger generated by CCF is tamper-proof, it cannot be modified after having been produced; it is immutable. Even users without a full copy of the ledger, holding their transaction receipts, are protected.
  • You can build the application so that the owners of the log records can disclose only the records that they want to share with auditors.
  • By using historical query, the owners can disclose only items of specified sequence numbers. For example if the owners allowed an auditor to access seqno 0 to 100, the auditor cannot access to log items newer than seqno 100.

How to run the tests

The logging application also has a suite of tests that run in a sandbox; please ensure you do not have an existing sandbox running.

cd auditable-logging-app
make test

Interact with the sandbox manually

You can always run the sandbox yourself: -

$ cd auditable-logging-app
# The dev container would have installed your npm packages for you
make start-host

For how to use the app, please see test.sh to find example usage with curl command.